<pre style='margin:0'>
Christopher Nielsen (mascguy) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/8662ecd1af7e9dc7947c583f85ad94880ea2b97b">https://github.com/macports/macports-ports/commit/8662ecd1af7e9dc7947c583f85ad94880ea2b97b</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 8662ecd1af7 privoxy: Bugfix, add privoxy-pki-bundle subport that depends on other PKI bundles
</span>8662ecd1af7 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 8662ecd1af7e9dc7947c583f85ad94880ea2b97b
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Sun Mar 27 20:13:37 2022 -0400
<span style='display:block; white-space:pre;color:#404040;'> privoxy: Bugfix, add privoxy-pki-bundle subport that depends on other PKI bundles
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> * Fixes: https://trac.macports.org/ticket/64892
</span><span style='display:block; white-space:pre;color:#404040;'> * Submission of privoxy-pki-bundle
</span>---
www/privoxy/Portfile | 914 +++++++++++++++++++++++++++------------------------
1 file changed, 481 insertions(+), 433 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/www/privoxy/Portfile b/www/privoxy/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 42d3837e77d..56e71ce9534 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/www/privoxy/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/www/privoxy/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,12 +1,10 @@
</span> # -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
PortSystem 1.0
<span style='display:block; white-space:pre;background:#ffe0e0;'>-PortGroup gpg_verify 1.0
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-PortGroup perl5 1.0
</span>
name privoxy
version 3.0.33
<span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 2
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 3
</span> categories www security net
platforms darwin
license GPL-2
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -25,548 +23,598 @@ long_description Privoxy is a web proxy with advanced filtering \
</span>
homepage https://www.privoxy.org/
<span style='display:block; white-space:pre;background:#ffe0e0;'>-master_sites ${homepage}/sf-download-mirror/Sources/${version}%20%28stable%29
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-distname ${name}-${version}-stable-src
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-distfiles ${distname}${extract.suffix}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-extract.only ${distname}${extract.suffix}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set tls_ca_dir ${prefix}/etc/${name}/ca.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set privoxy_ca_dir ${prefix}/etc/${name}/CA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set user_pki_bundle ${privoxy_ca_dir}/user-pki-bundle.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set privoxyGroup privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set privoxyUser privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+add_users ${privoxyUser} group=${privoxyGroup}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+proc plutil_startup {plcmds label} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ global prefix startupitem.location
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach cmd ${plcmds} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W ${prefix}/etc/${startupitem.location}/${label} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/usr/bin/plutil ${cmd} ${label}.plist"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if {${name} eq ${subport}} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ PortGroup gpg_verify 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ PortGroup perl5 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ master_sites ${homepage}/sf-download-mirror/Sources/${version}%20%28stable%29
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ distname ${name}-${version}-stable-src
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ distfiles ${distname}${extract.suffix}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ extract.only ${distname}${extract.suffix}
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-checksums ${distname}${extract.suffix} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ checksums ${distname}${extract.suffix} \
</span> rmd160 4d01969cc52686c268a5e07e74e48c36bc4aa10b \
sha256 04b104e70dac61561b9dd110684b250fafc8c13dbe437a60fae18ddd9a881fae \
size 1579540
<span style='display:block; white-space:pre;background:#ffe0e0;'>-gpg_verify.use_gpg_verification \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ gpg_verify.use_gpg_verification \
</span> yes
<span style='display:block; white-space:pre;background:#ffe0e0;'>-if {[option gpg_verify.use_gpg_verification]} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- distfiles-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[option gpg_verify.use_gpg_verification]} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ distfiles-append \
</span> ${distname}${extract.suffix}.asc
<span style='display:block; white-space:pre;background:#ffe0e0;'>- checksums-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ checksums-append \
</span> ${distname}${extract.suffix}.asc \
size 833
<span style='display:block; white-space:pre;background:#ffe0e0;'>- post-checksum {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- gpg_verify.verify_gpg_signature \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-checksum {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ gpg_verify.verify_gpg_signature \
</span> ${filespath}/keyid-691822918BA2371C.txt \
${distpath}/${distname}${extract.suffix}.asc \
${distpath}/${distname}${extract.suffix}
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-set perl5_major_min 5.28
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-if {${perl5.major} eq "" || ${perl5.major} < ${perl5_major_min}} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- perl5.major ${perl5_major_min}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set perl5_major_min 5.28
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {${perl5.major} eq "" || ${perl5.major} < ${perl5_major_min}} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ perl5.major ${perl5_major_min}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-worksrcdir ${name}-${version}-stable
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ worksrcdir ${name}-${version}-stable
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-depends_lib-append port:brotli \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_lib-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:brotli \
</span> port:pcre \
port:zlib
<span style='display:block; white-space:pre;background:#ffe0e0;'>-depends_run-append port:perl${perl5.major} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_run-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:perl${perl5.major} \
</span> port:p${perl5.major}-getopt-long \
port:p${perl5.major}-time-local
<span style='display:block; white-space:pre;background:#ffe0e0;'>-set privoxyGroup privoxy
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-set privoxyUser privoxy
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-add_users ${privoxyUser} group=${privoxyGroup}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # bash commands to generate patch files from new upstream configuration files
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## export prefix=${prefix:-/opt/local}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## mkdir privoxy-orig privoxy-new
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## sudo cp ${prefix}/etc/privoxy/config.new privoxy-orig/config
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## sudo cp ${prefix}/etc/privoxy/match-all.action.new privoxy-orig/match-all.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## sudo cp ./privoxy-orig/config ./privoxy-new/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## sudo cp ./privoxy-orig/match-all.action ./privoxy-new/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## sudo chown `whoami` privoxy-orig/config privoxy-new/config privoxy-orig/match-all.action privoxy-new/match-all.action
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## patch -p0 -f -l -N privoxy-new/config < ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/www/privoxy/files/patch-config.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## patch -p0 -f -l -N privoxy-new/match-all.action < ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/www/privoxy/files/patch-match-all.action.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## diff -NaurdwB ./privoxy-orig/config ./privoxy-new/config | sed -E -e 's/\.\/privoxy-(orig|new)\/(config)(\.[[:alnum:]]+)*/\.\/\2/' | sed -E -e 's|/opt/local|@@PREFIX@@|g' > ~/Downloads/patch-config.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ## diff -NaurdwB ./privoxy-orig/match-all.action ./privoxy-new/match-all.action | sed -E -e 's/\.\/privoxy-(orig|new)\/(match-all\.action)(\.[[:alnum:]]+)*/\.\/\2/' | sed -E -e 's|/opt/local|@@PREFIX@@|g' > ~/Downloads/patch-match-all.action.diff
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-proc plutil_startup {plcmds label} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- global prefix startupitem.location
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- foreach cmd ${plcmds} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- system -W ${prefix}/etc/${startupitem.location}/${label} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "/usr/bin/plutil ${cmd} ${label}.plist"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patchfiles-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patch-config.diff
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# bash commands to generate patch files from new upstream configuration files
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-## export prefix=${prefix:-/opt/local}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-## mkdir privoxy-orig privoxy-new
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-## sudo cp ${prefix}/etc/privoxy/config.new privoxy-orig/config
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-## sudo cp ${prefix}/etc/privoxy/match-all.action.new privoxy-orig/match-all.action
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-## sudo cp ./privoxy-orig/config ./privoxy-new/
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-## sudo cp ./privoxy-orig/match-all.action ./privoxy-new/
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-## sudo chown `whoami` privoxy-orig/config privoxy-new/config privoxy-orig/match-all.action privoxy-new/match-all.action
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-## patch -p0 -f -l -N privoxy-new/config < ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/www/privoxy/files/patch-config.diff
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-## patch -p0 -f -l -N privoxy-new/match-all.action < ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/www/privoxy/files/patch-match-all.action.diff
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-## diff -NaurdwB ./privoxy-orig/config ./privoxy-new/config | sed -E -e 's/\.\/privoxy-(orig|new)\/(config)(\.[[:alnum:]]+)*/\.\/\2/' | sed -E -e 's|/opt/local|@@PREFIX@@|g' > ~/Downloads/patch-config.diff
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-## diff -NaurdwB ./privoxy-orig/match-all.action ./privoxy-new/match-all.action | sed -E -e 's/\.\/privoxy-(orig|new)\/(match-all\.action)(\.[[:alnum:]]+)*/\.\/\2/' | sed -E -e 's|/opt/local|@@PREFIX@@|g' > ~/Downloads/patch-match-all.action.diff
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-patchfiles-append patch-config.diff
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-post-patch {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- reinplace "s|@@PREFIX@@|${prefix}|g" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${worksrcpath}/config
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-patch {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace "s|@@PREFIX@@|${prefix}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${worksrcpath}/config
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-pre-configure {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- configure.args-append --with-user=${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- --with-group=${privoxyGroup}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pre-configure {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ configure.args-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ --with-user=${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ --with-group=${privoxyGroup}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W ${worksrcpath} "autoheader"
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>- system -W ${worksrcpath} "autoheader"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-use_autoconf yes
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-configure.args --sysconfdir=${prefix}/etc/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ use_autoconf yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ configure.args --sysconfdir=${prefix}/etc/${name} \
</span> --mandir=${prefix}/share/man \
--enable-compression \
--enable-dynamic-pcre \
--enable-zlib \
--with-brotli
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# work around bug 30345
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-post-configure {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file delete ${workpath}/.CC_PRINT_OPTIONS
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# man page; reinplace paths for stability across version updates
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-post-build {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- reinplace -E "s#(\\\\fI)((/(etc|var|log))+/privoxy(/\[-.*\[:alnum:]]*)*\\\\fR)#\\1${prefix}\\2#g" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${worksrcpath}/${name}.8
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- reinplace -E "s#(\\\\fI)/usr((/\[-.*\[:alnum:]]*)*/privoxy(/\[-.*\[:alnum:]]*)*\\\\fR)#\\1${prefix}\\2#g" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${worksrcpath}/${name}.8
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-destroot.keepdirs ${destroot}${prefix}/var/log/${name} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/var/run
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # work around bug 30345
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-configure {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file delete ${workpath}/.CC_PRINT_OPTIONS
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-post-destroot {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # install Privoxy tools
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -d ${destroot}${prefix}/etc/${name}/tools
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- foreach f [glob ${worksrcpath}/tools/*.pl] {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set pl [file tail ${f}]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -m 0755 ${f} ${destroot}${prefix}/etc/${name}/tools
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- reinplace -W ${destroot}${prefix}/etc/${name}/tools -E \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "1 s|^(#!)/usr/bin/perl|\\1${perl5.bin}|" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${pl}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # man page; reinplace paths for stability across version updates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-build {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -E "s#(\\\\fI)((/(etc|var|log))+/privoxy(/\[-.*\[:alnum:]]*)*\\\\fR)#\\1${prefix}\\2#g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${worksrcpath}/${name}.8
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -E "s#(\\\\fI)/usr((/\[-.*\[:alnum:]]*)*/privoxy(/\[-.*\[:alnum:]]*)*\\\\fR)#\\1${prefix}\\2#g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${worksrcpath}/${name}.8
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -d ${destroot}${prefix}/var/run
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Install and fixup startup script (if non-Darwin)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {${os.platform} ne "darwin"} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -d ${destroot}${prefix}/etc/rc.d
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -m 0755 -W ${worksrcpath} privoxy-generic.init \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/etc/rc.d/${name}.sh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/log/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/run
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- system -W ${destroot}${prefix}/etc/rc.d "patch -p0 < ${filespath}/patch-privoxy.sh.diff"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- reinplace "s|@@PREFIX@@|${prefix}|g" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/etc/rc.d/${name}.sh
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[existsuser ${privoxyUser}] != 0} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- reinplace "s|@@PRIVOXY_USER@@|${privoxyUser}|g" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/etc/rc.d/${name}.sh
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- } else {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- reinplace "s|@@PRIVOXY_USER@@|$env(USER)|g" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/etc/rc.d/${name}.sh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # install Privoxy tools
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${destroot}${prefix}/etc/${name}/tools
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach f [glob ${worksrcpath}/tools/*.pl] {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set pl [file tail ${f}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0755 ${f} ${destroot}${prefix}/etc/${name}/tools
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -W ${destroot}${prefix}/etc/${name}/tools -E \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "1 s|^(#!)/usr/bin/perl|\\1${perl5.bin}|" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${pl}
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Rename these so local modifications are not removed on uninstall.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # NOTE: Always overwrite default.action and default.filter.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- foreach privoxyConf {config match-all.action trust user.action user.filter} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[file exists ${destroot}${prefix}/etc/${name}/${privoxyConf}]} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file rename ${destroot}${prefix}/etc/${name}/${privoxyConf} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/etc/${name}/${privoxyConf}.new
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${destroot}${prefix}/var/run
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Install and fixup startup script (if non-Darwin)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {${os.platform} ne "darwin"} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${destroot}${prefix}/etc/rc.d
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0755 -W ${worksrcpath} privoxy-generic.init \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/rc.d/${name}.sh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W ${destroot}${prefix}/etc/rc.d "patch -p0 < ${filespath}/patch-privoxy.sh.diff"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace "s|@@PREFIX@@|${prefix}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/rc.d/${name}.sh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[existsuser ${privoxyUser}] != 0} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace "s|@@PRIVOXY_USER@@|${privoxyUser}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/rc.d/${name}.sh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace "s|@@PRIVOXY_USER@@|$env(USER)|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/rc.d/${name}.sh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # backup config files before fix #23970
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[file exists ${prefix}/etc/${name}/${privoxyConf}] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Rename these so local modifications are not removed on uninstall.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # NOTE: Always overwrite default.action and default.filter.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach privoxyConf {config match-all.action trust user.action user.filter} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[file exists ${destroot}${prefix}/etc/${name}/${privoxyConf}]} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file rename ${destroot}${prefix}/etc/${name}/${privoxyConf} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name}/${privoxyConf}.new
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # backup config files before fix #23970
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[file exists ${prefix}/etc/${name}/${privoxyConf}] \
</span> && ![file exists ${prefix}/etc/${name}/${privoxyConf}.new]} {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- file copy ${prefix}/etc/${name}/${privoxyConf} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/etc/${name}/${privoxyConf}.mp_backup
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file copy ${prefix}/etc/${name}/${privoxyConf} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/etc/${name}/${privoxyConf}.mp_backup
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Remove the preinstalled log files as, otherwise, a rotation script
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # will fail when trying to rename and compress due to gzip not liking
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # multi-linked files (the one in ${prefix} and the one in
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # ${prefix}/var/db/dports/software/...)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file delete {*}[glob ${destroot}${prefix}/var/log/${name}/*]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Make sure log directory owned by privoxy user/group
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file attributes ${destroot}${prefix}/var/log/${name} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -group ${privoxyGroup} -owner ${privoxyUser}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-post-activate {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Make sure initial log files are present and setup correctly
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- foreach privoxyLog {jarfile logfile} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- touch ${prefix}/var/log/${name}/${privoxyLog}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Remove the preinstalled log files as, otherwise, a rotation script
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # will fail when trying to rename and compress due to gzip not liking
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # multi-linked files (the one in ${prefix} and the one in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ${prefix}/var/db/dports/software/...)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file delete {*}[glob ${destroot}${prefix}/var/log/${name}/*]
</span> if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- file attributes ${prefix}/var/log/${name}/${privoxyLog} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -group ${privoxyGroup} -owner ${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -permissions 0660
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Make sure log directory owned by privoxy user/group
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${destroot}${prefix}/var/log/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -group ${privoxyGroup} -owner ${privoxyUser}
</span> }
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- foreach privoxyConf {config match-all.action trust user.action user.filter} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {![file exists ${prefix}/etc/${name}/${privoxyConf}]} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # restore config files before fix #23970
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[file exists ${prefix}/etc/${name}/${privoxyConf}.mp_backup]} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file copy ${prefix}/etc/${name}/${privoxyConf}.mp_backup \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${prefix}/etc/${name}/${privoxyConf}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- } else {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file copy ${prefix}/etc/${name}/${privoxyConf}.new \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${prefix}/etc/${name}/${privoxyConf}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Make sure initial log files are present and setup correctly
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach privoxyLog {jarfile logfile} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ touch ${prefix}/var/log/${name}/${privoxyLog}
</span> if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- file attributes ${prefix}/etc/${name}/${privoxyConf} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${prefix}/var/log/${name}/${privoxyLog} \
</span> -group ${privoxyGroup} -owner ${privoxyUser} \
-permissions 0660
}
}
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach privoxyConf {config match-all.action trust user.action user.filter} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {![file exists ${prefix}/etc/${name}/${privoxyConf}]} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # restore config files before fix #23970
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[file exists ${prefix}/etc/${name}/${privoxyConf}.mp_backup]} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file copy ${prefix}/etc/${name}/${privoxyConf}.mp_backup \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${name}/${privoxyConf}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file copy ${prefix}/etc/${name}/${privoxyConf}.new \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${name}/${privoxyConf}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${prefix}/etc/${name}/${privoxyConf} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -group ${privoxyGroup} -owner ${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -permissions 0660
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-set tls_ca_dir ${prefix}/etc/${name}/ca.macports
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-variant https_inspection \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- description {Use Privoxy HTTPS inspection.} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- depends_build-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ variant https_inspection \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description {Use Privoxy HTTPS inspection.} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_build-append \
</span> port:sf-pwgen
<span style='display:block; white-space:pre;background:#ffe0e0;'>- depends_lib-append \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- path:share/apple-pki-bundle/apple-pki-bundle.pem:apple-pki-bundle \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- path:share/curl/curl-ca-bundle.crt:curl-ca-bundle \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_lib-append \
</span> path:bin/openssl:openssl \
path:lib/libssl.dylib:openssl
<span style='display:block; white-space:pre;background:#ffe0e0;'>- patchfiles-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_run-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:${name}-pki-bundle
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patchfiles-append \
</span> patch-match-all.action.diff
<span style='display:block; white-space:pre;background:#ffe0e0;'>- post-patch {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- reinplace -E "s|^#(ca-directory )|\\1|" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${worksrcpath}/config
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- reinplace -E "s|^#(certificate-directory )|\\1|" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${worksrcpath}/config
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-patch {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -E "s|^#(ca-directory )|\\1|" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${worksrcpath}/config
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace -E "s|^#(certificate-directory )|\\1|" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${worksrcpath}/config
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # random 4-word-based passphrase
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- proc correct_horse_battery_staple {} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # ignore errors from sf-pwgen if the password is shorter than requested
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set passphrase \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- [join [exec sh -c "sf-pwgen \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- --algorithm memorable --count 2 --length 16 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 2>/dev/null || true"] -]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # set random passphrase if sf-pwgen's is too short for some reason
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[string length ${passphrase}] < 20} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # random 4-word-based passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proc correct_horse_battery_staple {} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ignore errors from sf-pwgen if the password is shorter than requested
</span> set passphrase \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- [exec sh -c "openssl rand -base64 23 2>/dev/null \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- | sed 's|=*\$||' || true"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [join [exec sh -c "sf-pwgen \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ --algorithm memorable --count 2 --length 16 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 2>/dev/null || true"] -]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # set random passphrase if sf-pwgen's is too short for some reason
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[string length ${passphrase}] < 20} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set passphrase \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [exec sh -c "openssl rand -base64 23 2>/dev/null \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ | sed 's|=*\$||' || true"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return ${passphrase}
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>- return ${passphrase}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- configure.args-append \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- --with-openssl
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ configure.args-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ --with-openssl
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- destroot.keepdirs-append \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/etc/${name}/CA \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/var/${name} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/var/${name}/certs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${privoxy_ca_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/${name}/certs
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- post-destroot {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -m 770 -d \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/etc/${name}/CA \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/var/${name} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/var/${name}/certs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${privoxy_ca_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/var/${name}/certs
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file attributes ${destroot}${prefix}/etc/${name}/CA \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${destroot}${privoxy_ca_dir} \
</span> -group ${privoxyGroup} -owner ${privoxyUser}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- file attributes ${destroot}${prefix}/var/${name} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${destroot}${prefix}/var/${name} \
</span> -group ${privoxyGroup} -owner ${privoxyUser}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- file attributes ${destroot}${prefix}/var/${name}/certs \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${destroot}${prefix}/var/${name}/certs \
</span> -group ${privoxyGroup} -owner ${privoxyUser}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # TLS Root CA configuration
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -d ${destroot}${tls_ca_dir}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -m 0700 -d ${destroot}${tls_ca_dir}/private
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- destroot.keepdirs-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TLS Root CA configuration
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${destroot}${tls_ca_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0700 -d ${destroot}${tls_ca_dir}/private
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs-append \
</span> ${destroot}${tls_ca_dir} \
${destroot}${tls_ca_dir}/private
<span style='display:block; white-space:pre;background:#ffe0e0;'>- foreach d {certs crl newcerts} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach d {certs crl newcerts} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d \
</span> ${destroot}${tls_ca_dir}/${d}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- destroot.keepdirs-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs-append \
</span> ${destroot}${tls_ca_dir}/${d} \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -m 0644 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \
</span> ${filespath}/openssl.cnf \
${destroot}${tls_ca_dir}
<span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # cat all trusted PKI bundles to a single file
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set outfile [open ${destroot}${tls_ca_dir}/trustedCAs.pem-temp w]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- close ${outfile}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- system -W ${destroot}${tls_ca_dir} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "${prefix}/share/apple-pki-bundle/bin/pems_that_wont_expire_soon.sh \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${prefix}/share/apple-pki-bundle/apple-pki-bundle.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- >> ${destroot}${tls_ca_dir}/trustedCAs.pem-temp"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- copy ${destroot}${tls_ca_dir}/trustedCAs.pem-temp \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${tls_ca_dir}/trustedCAs.pem
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- system -W ${destroot}${tls_ca_dir} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "${prefix}/share/apple-pki-bundle/bin/pems_not_in_pemfile.sh \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${prefix}/share/curl/curl-ca-bundle.crt \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${tls_ca_dir}/trustedCAs.pem-temp \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- >> ${destroot}${tls_ca_dir}/trustedCAs.pem"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if { [variant_isset "user_pki_bundle"] \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- && [file exists ${user_pki_bundle}]} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- delete ${destroot}${tls_ca_dir}/trustedCAs.pem-temp
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- copy ${destroot}${tls_ca_dir}/trustedCAs.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${tls_ca_dir}/trustedCAs.pem-temp
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- system -W ${destroot}${tls_ca_dir} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "${prefix}/share/apple-pki-bundle/bin/pems_not_in_pemfile.sh \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${user_pki_bundle} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${tls_ca_dir}/trustedCAs.pem-temp \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- >> ${destroot}${tls_ca_dir}/trustedCAs.pem"
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>- delete ${destroot}${tls_ca_dir}/trustedCAs.pem-temp
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${tls_ca_dir}/trustedCAs.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/etc/${name}/CA
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file attributes \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${destroot}${prefix}/etc/${name}/CA/trustedCAs.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -group ${privoxyGroup} -owner ${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -permissions 0664
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pre-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [file exists ${tls_ca_dir}] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delete \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ move \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- pre-activate {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if { [file exists ${tls_ca_dir}] } {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- delete ${tls_ca_dir}.previous
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- move ${tls_ca_dir} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${tls_ca_dir}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # CA passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # generate a strong password, use for openssl -passin and -passout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set tls_ca_passphrase \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [correct_horse_battery_staple]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set tls_ca_passphrase_fd \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [open ${tls_ca_dir}/private/passphrase.txt w 0600]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -passin or -passout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ puts ${tls_ca_passphrase_fd} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_passphrase}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -passout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ puts ${tls_ca_passphrase_fd} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_passphrase}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ close ${tls_ca_passphrase_fd}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # create the root CA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W ${tls_ca_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "sh <<TLS_PRIVOXY_ROOT_CA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # initialize
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ touch index.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo 1000 > serial
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # CA encrypted key
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # EC
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl genpkey -out private/ca.key.pem -algorithm EC \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -pkeyopt ec_paramgen_curve:P-384 -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -pass file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # RSA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # openssl genpkey -out private/ca.key.pem -algorithm RSA \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -pkeyopt rsa_keygen_bits:2048 -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -passout file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ chmod go-rw private/ca.key.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # CA certificate
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl req -config openssl.cnf \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -new -x509 -days 1460 -sha256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -extensions v3_ca \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -out certs/ca.cert.pem -key private/ca.key.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passin file:private/passphrase.txt -batch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # CA certificate openssl self-verification
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl verify -CAfile certs/ca.cert.pem certs/ca.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Convert to .cer DER and .p12 for other uses
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl x509 -outform der -in certs/ca.cert.pem -out certs/ca.cer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -export -out certs/ca.p12 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -inkey private/ca.key.pem -in certs/ca.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passin file:private/passphrase.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passout file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # verify .p12 passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -noout -in certs/ca.p12 -passin file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+TLS_PRIVOXY_ROOT_CA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ![file exists ${privoxy_ca_dir}/ca.cert.pem]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ || ![file exists ${privoxy_ca_dir}/ca.key.pem] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/certs/ca.cert.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${privoxy_ca_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/private/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${privoxy_ca_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/certs/ca.cer \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${privoxy_ca_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/certs/ca.p12 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${privoxy_ca_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${privoxy_ca_dir}/ca.cert.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -group ${privoxyGroup} -owner ${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -permissions 0664
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${privoxy_ca_dir}/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -group ${privoxyGroup} -owner ${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -permissions 0664
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${privoxy_ca_dir}/ca.cer \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -group ${privoxyGroup} -owner ${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -permissions 0664
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${privoxy_ca_dir}/ca.p12 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -group ${privoxyGroup} -owner ${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -permissions 0664
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Do not overwrite ca-password, but this is where it goes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # reinplace -E -q "s|^#(ca-password\[\[:space:]]+)\[^\[:space:]]*)|\\1${tls_ca_passphrase}|" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ${prefix}/etc/${name}/config
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- post-activate {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # CA passphrase
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # generate a strong password, use for openssl -passin and -passout
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set tls_ca_passphrase \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- [correct_horse_battery_staple]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set tls_ca_passphrase_fd \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- [open ${tls_ca_dir}/private/passphrase.txt w 0600]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # -passin or -passout
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- puts ${tls_ca_passphrase_fd} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${tls_ca_passphrase}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # -passout
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- puts ${tls_ca_passphrase_fd} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${tls_ca_passphrase}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- close ${tls_ca_passphrase_fd}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # create the root CA
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- system -W ${tls_ca_dir} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "sh <<TLS_PRIVOXY_ROOT_CA
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # initialize
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- touch index.txt
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- echo 1000 > serial
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # CA encrypted key
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # EC
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "Edit ${prefix}/etc/${name}/match-all.action to specify\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ which domains will use https-inspection.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Configure HTTPS inspection by creating a local Privoxy\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ certificate authority (CA). As sudo:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cp -R ${prefix}/etc/${name}/ca.macports ca.hostname && cd ca.hostname
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # edit openssl.cnf for your local organizationName, commonName, etc.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # generate a strong password, use for both -passin and -passout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # avoid passphrases with '#' as the passphrase is set in config
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sf-pwgen --algorithm memorable --count 2 --length 24 2>/dev/null \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ | paste -s -d -- '-' 1> private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cat private/passphrase.txt private/passphrase.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ > private/passphrase-dbl.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ && mv private/passphrase-dbl.txt private/passphrase.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ || rm -f private/passphrase-dbl.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ chmod go-rwx private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # private key (EC)
</span> openssl genpkey -out private/ca.key.pem -algorithm EC \\
-pkeyopt ec_paramgen_curve:P-384 -aes256 \\
-pass file:private/passphrase.txt
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # RSA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # private key (RSA)
</span> # openssl genpkey -out private/ca.key.pem -algorithm RSA \\
# -pkeyopt rsa_keygen_bits:2048 -aes256 \\
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # -passout file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- chmod go-rw private/ca.key.pem
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # CA certificate
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl req -config openssl.cnf \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -new -x509 -days 1460 -sha256 \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -extensions v3_ca \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -out certs/ca.cert.pem -key private/ca.key.pem \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -passin file:private/passphrase.txt -batch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -pass file:private/passphrase.txt
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # CA certificate openssl self-verification
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Certificate PEM, DER, and P12
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl req -config openssl.cnf -new -x509 -days 3650 -sha256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -extensions v3_ca -out certs/ca.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -key private/ca.key.pem -passin file:private/passphrase.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -batch
</span> openssl verify -CAfile certs/ca.cert.pem certs/ca.cert.pem
<span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Convert to .cer DER and .p12 for other uses
</span> openssl x509 -outform der -in certs/ca.cert.pem -out certs/ca.cer
<span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl pkcs12 -export -out certs/ca.p12 \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -inkey private/ca.key.pem -in certs/ca.cert.pem \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -passin file:private/passphrase.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -export -out certs/ca.p12 -inkey private/ca.key.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -in certs/ca.cert.pem -passin file:private/passphrase.txt \\
</span> -passout file:private/passphrase.txt
# verify .p12 passphrase
<span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl pkcs12 -noout -in certs/ca.p12 -passin file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-TLS_PRIVOXY_ROOT_CA
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if { ![file exists ${prefix}/etc/${name}/CA/ca.cert.pem]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- || ![file exists ${prefix}/etc/${name}/CA/ca.key.pem] } {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${tls_ca_dir}/certs/ca.cert.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${prefix}/etc/${name}/CA
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${tls_ca_dir}/private/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${prefix}/etc/${name}/CA
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${tls_ca_dir}/certs/ca.cer \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${prefix}/etc/${name}/CA
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${tls_ca_dir}/certs/ca.p12 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${prefix}/etc/${name}/CA
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file attributes ${prefix}/etc/${name}/CA/ca.cert.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -group ${privoxyGroup} -owner ${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -permissions 0664
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file attributes ${prefix}/etc/${name}/CA/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -group ${privoxyGroup} -owner ${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -permissions 0664
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file attributes ${prefix}/etc/${name}/CA/ca.cer \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -group ${privoxyGroup} -owner ${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -permissions 0664
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file attributes ${prefix}/etc/${name}/CA/ca.p12 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -group ${privoxyGroup} -owner ${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -permissions 0664
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -noout -in certs/ca.p12 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passin file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Install the Privoxy PKI
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cp -p private/ca.key.pem certs/ca.cert.pem certs/ca.cer certs/ca.p12 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${privoxy_ca_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Edit ${prefix}/etc/${name}/config and set ca-password
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Import and trust the CA in Keychain Access
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Keychain\\ Access.app> Import ca.cer or ca.p12 into \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ the System keychain, trust for X.509.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Disable MITM for the CA on some FF configurations
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Firefox.app> about:config> security.enterprise_roots.enabled> true"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Add notes if this is installed: ${name}-pki-bundle +user_pki_bundle
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ![catch {set result [registry_active ${name}-pki-bundle]}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ && [string match "*+user_pki_bundle*" [lindex [lindex ${result} 0] 3]] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[exists notes]} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # leave a blank line after the existing notes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append ""
</span> }
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append "User PKI certificates will be added from the file\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${user_pki_bundle} (ASCII PEM file)\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ via the port '${name}-pki-bundle +user_pki_bundle'.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # Do not overwrite ca-password, but this is where it goes
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # reinplace -E -q "s|^#(ca-password\[\[:space:]]+)\[^\[:space:]]*)|\\1${tls_ca_passphrase}|" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # ${prefix}/etc/${name}/config
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- notes \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "Edit ${prefix}/etc/${name}/match-all.action to specify\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- which domains will use https-inspection.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- Configure HTTPS inspection by creating a local Privoxy\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- certificate authority (CA). As sudo:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- cp -R ${prefix}/etc/${name}/ca.macports ca.hostname && cd ca.hostname
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # edit openssl.cnf for your local organizationName, commonName, etc.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # generate a strong password, use for both -passin and -passout
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # avoid passphrases with '#' as the passphrase is set in config
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sf-pwgen --algorithm memorable --count 2 --length 24 2>/dev/null \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- | paste -s -d -- '-' 1> private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- cat private/passphrase.txt private/passphrase.txt \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- > private/passphrase-dbl.txt \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- && mv private/passphrase-dbl.txt private/passphrase.txt \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- || rm -f private/passphrase-dbl.txt
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- chmod go-rwx private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # private key (EC)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl genpkey -out private/ca.key.pem -algorithm EC \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -pkeyopt ec_paramgen_curve:P-384 -aes256 \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -pass file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # private key (RSA)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # openssl genpkey -out private/ca.key.pem -algorithm RSA \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # -pkeyopt rsa_keygen_bits:2048 -aes256 \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # -pass file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Certificate PEM, DER, and P12
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl req -config openssl.cnf -new -x509 -days 3650 -sha256 \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -extensions v3_ca -out certs/ca.cert.pem \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -key private/ca.key.pem -passin file:private/passphrase.txt \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -batch
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl verify -CAfile certs/ca.cert.pem certs/ca.cert.pem
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl x509 -outform der -in certs/ca.cert.pem -out certs/ca.cer
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl pkcs12 -export -out certs/ca.p12 -inkey private/ca.key.pem \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -in certs/ca.cert.pem -passin file:private/passphrase.txt \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -passout file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # verify .p12 passphrase
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl pkcs12 -noout -in certs/ca.p12 \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -passin file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Install the Privoxy PKI
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- cp -p private/ca.key.pem certs/ca.cert.pem certs/ca.cer certs/ca.p12 \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${prefix}/etc/${name}/CA
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Edit ${prefix}/etc/${name}/config and set ca-password
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Import and trust the CA in Keychain Access
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- Keychain\\ Access.app> Import ca.cer or ca.p12 into \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- the System keychain, trust for X.509.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Disable MITM for the CA on some FF configurations
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- Firefox.app> about:config> security.enterprise_roots.enabled> true"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[variant_isset "user_pki_bundle"]} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[exists notes]} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # leave a blank line after the existing notes
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- notes-append ""
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- notes-append "User PKI certificates will be added from the file\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${user_pki_bundle} (ASCII PEM file)."
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-variant ecc \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- requires https_inspection \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- description {Use Elliptic Curve Keys for HTTPS Inspection.} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # diff -NaurdwB ./privoxy-orig/openssl.c ./privoxy-new/openssl.c | sed -E -e 's/\.\/privoxy-(orig|new)\//\.\//' > ~/Downloads/patch-openssl.c.diff
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # diff -NaurdwB ./privoxy-orig/ssl_common.h ./privoxy-new/ssl_common.h | sed -E -e 's/\.\/privoxy-(orig|new)\//\.\//' > ~/Downloads/patch-ssl_common.h.diff
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- patchfiles-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ variant ecc \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ requires https_inspection \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description {Use Elliptic Curve Keys for HTTPS Inspection.} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # diff -NaurdwB ./privoxy-orig/openssl.c ./privoxy-new/openssl.c | sed -E -e 's/\.\/privoxy-(orig|new)\//\.\//' > ~/Downloads/patch-openssl.c.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # diff -NaurdwB ./privoxy-orig/ssl_common.h ./privoxy-new/ssl_common.h | sed -E -e 's/\.\/privoxy-(orig|new)\//\.\//' > ~/Downloads/patch-ssl_common.h.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patchfiles-append \
</span> patch-openssl.c.diff \
patch-ssl_common.h.diff
<span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-set user_pki_bundle ${prefix}/etc/${name}/CA/user-pki-bundle.pem
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-variant user_pki_bundle \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- requires https_inspection \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- description "Add user PKI certificates from ${user_pki_bundle}" {}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-default_variants-append \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- +https_inspection \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- +user_pki_bundle
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ default_variants-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ +https_inspection
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-startupitem.create yes
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-startupitems \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- name Privoxy \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- init "pidfile=\"\${prefix}/var/run/${name}.pid\"" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- start [list "\[ -f \"\${prefix}/etc/${name}/config\" \] \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitem.create \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitems \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ name Privoxy \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ init "pidfile=\"\${prefix}/var/run/${name}.pid\"" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ start [list "\[ -f \"\${prefix}/etc/${name}/config\" \] \\" \
</span> "\t&& \"\${prefix}/sbin/${name}\" \\" \
"\t\t--pidfile \"\${pidfile}\" \\" \
"\t\t--user ${privoxyUser} \\" \
"\t\t\"${prefix}/etc/${name}/config\" 2>/dev/null" \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ] \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- stop [list "if \[ -f \"\${pidfile}\" \]; then" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ stop [list "if \[ -f \"\${pidfile}\" \]; then" \
</span> "\tkill \$(cat \"\${pidfile}\") \\" \
"\t\t&& rm -f \"\${pidfile}\"" \
"else" \
"\t/usr/bin/killall -SIGUSR1 privoxy 2>/dev/null" \
"fi" \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ] \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- pidfile [list auto ${prefix}/var/run/${name}.pid]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pidfile [list auto ${prefix}/var/run/${name}.pid]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [variant_isset "https_inspection"] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ startupitems-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ name Privoxy.delete-expired-certs \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ executable \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /bin/bash \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pidfile none
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # bruteforce expiration launchd daemon
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Privoxy certs are issued for 30 days; delete every week
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert Program -string /bin/bash" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-replace ProgramArguments \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -xml '<array> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/bin/bash</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>-c</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>for c in ${prefix}/var/${name}/certs/*.crt; do if ! openssl x509 -checkend 0 -noout -in "\${c}" 1> /dev/null 2>&1; then rm -f "\${c}" "\${c%.crt}.pem"; fi; done</string> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>'" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "-insert StartCalendarInterval \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -xml '<dict> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Weekday</key> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>7</integer> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Hour</key> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>0</integer> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Minute</key> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>30</integer> \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>'" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.Privoxy.delete-expired-certs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-if { [variant_isset "https_inspection"] } {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- startupitems-append \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- name Privoxy.delete-expired-certs \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- executable /bin/bash \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- pidfile none
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ livecheck.type regex
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ livecheck.url ${homepage}announce.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ livecheck.regex Announcing Privoxy (\[0-9.\]+)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- post-activate {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # bruteforce expiration launchd daemon
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Privoxy certs are issued for 30 days; delete every week
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- plutil_startup [list \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "-insert Program -string /bin/bash" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "-replace ProgramArguments \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -xml '<array> \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- <string>/bin/bash</string> \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- <string>-c</string> \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- <string>for c in ${prefix}/var/${name}/certs/*.crt; do if ! openssl x509 -checkend 0 -noout -in "\${c}" 1> /dev/null 2>&1; then rm -f "\${c}" "\${c%.crt}.pem"; fi; done</string> \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- </array>'" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "-remove KeepAlive" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "-insert StartCalendarInterval \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -xml '<dict> \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- <key>Weekday</key> \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- <integer>7</integer> \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- <key>Hour</key> \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- <integer>0</integer> \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- <key>Minute</key> \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- <integer>30</integer> \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- </dict>'" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ] \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- org.macports.Privoxy.delete-expired-certs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subport ${name}-pki-bundle {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ license MIT
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description PKI Bundle for ${name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ long_description \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {*}${description}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ master_sites
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ distfiles
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ extract.only
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_lib-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:apple-pki-bundle \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:curl-ca-bundle
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ use_configure no
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ build {}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${destroot}${privoxy_ca_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes ${destroot}${privoxy_ca_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -group ${privoxyGroup} -owner ${privoxyUser}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # cat all trusted PKI bundles to a single file
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W ${destroot}${privoxy_ca_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${prefix}/share/apple-pki-bundle/bin/pems_that_wont_expire_soon.sh \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/share/apple-pki-bundle/apple-pki-bundle.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ >> ${destroot}${privoxy_ca_dir}/trustedCAs.pem-temp"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ copy ${destroot}${privoxy_ca_dir}/trustedCAs.pem-temp \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${privoxy_ca_dir}/trustedCAs.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W ${destroot}${privoxy_ca_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${prefix}/share/apple-pki-bundle/bin/pems_not_in_pemfile.sh \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/share/curl/curl-ca-bundle.crt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${privoxy_ca_dir}/trustedCAs.pem-temp \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ >> ${destroot}${privoxy_ca_dir}/trustedCAs.pem"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [variant_isset "user_pki_bundle"] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ && [file exists ${user_pki_bundle}]} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delete ${destroot}${privoxy_ca_dir}/trustedCAs.pem-temp
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ copy ${destroot}${privoxy_ca_dir}/trustedCAs.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${privoxy_ca_dir}/trustedCAs.pem-temp
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W ${destroot}${privoxy_ca_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "${prefix}/share/apple-pki-bundle/bin/pems_not_in_pemfile.sh \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${user_pki_bundle} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${privoxy_ca_dir}/trustedCAs.pem-temp \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ >> ${destroot}${privoxy_ca_dir}/trustedCAs.pem"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delete ${destroot}${privoxy_ca_dir}/trustedCAs.pem-temp
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[existsuser ${privoxyUser}] != 0 && [existsgroup ${privoxyGroup}] != 0} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file attributes \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${privoxy_ca_dir}/trustedCAs.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -group ${privoxyGroup} -owner ${privoxyUser} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -permissions 0664
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span> }
<span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${privoxy_ca_dir}
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-livecheck.type regex
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-livecheck.url ${homepage}announce.txt
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-livecheck.regex Announcing Privoxy (\[0-9.\]+)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ variant user_pki_bundle \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description "Add user PKI certificates from ${user_pki_bundle}" {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "User PKI certificates will be added from the file\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${user_pki_bundle} (ASCII PEM file)."
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ default_variants-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ +user_pki_bundle
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ livecheck none
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span></pre><pre style='margin:0'>
</pre>